storing`passwords in cookies

J

Jason

I have a .net application with forms authentication. I
need to store the password entered at the login screen for
later use. I can either store it in a session object or in
the forms authentication ticket. I think the ticket is the
right place because the password is a property of the
user, and therefore part of the identity. I know it will
be encrypted before it is written to the cookie but is
this the right answer? How safe is the password?
 
C

Cowboy \(Gregory A. Beamer\)

Anytime you send something out to the client, there is a possibility of
compromise. While it is slim, you should consider it. In general, I create a
user object and use it to store reused variables. It can be placed in
session. I would not put the password, as you should not need it agani.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

**********************************************************************
Think Outside the Box!
**********************************************************************
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Passwords in Event Log 1
Hash Passwords 1
Accessing Active Directory and Storing Passwords 1
Forms authentication cookies not expiring... 2
ASP.Net Forms Authentication - Storing Enrypted Ticket In HttpCookie 2
Role management using cookies 0
SQLMembershipProvider: Comparing Hashed Passwords 7
Forms authentication cookie handling question (C#) 4

Members online

No members online now.
Total: 33 (members: 1, guests: 32)
Robots: 241

Forum statistics

Threads
473,756
Messages
2,569,535
Members
45,008
Latest member
obedient dusk

Latest Threads

Top